Junk electronic mail detector and eliminator

ABSTRACT

A method and system for parsing and analyzing incoming electronic mail messages to determine a confidence factor indicative of whether or not the messages are junk e-mail. The method and system utilize message services which attempt to contact the purported sender in order to verify that the identified host computer actually exists and accepts outgoing mail services for the specified user. The routing history is also examined to ensure that identified intermediate sites are also valid. Likewise, seed addresses can alert an e-mail provider to potential mass mailings by reporting when mail is received for ghost or non-existent accounts.

[0001] This is a non-provisional application based on Provisional Application Serial No. 60/066,292 filed Nov. 25, 1997, the contents of which are incorporated herein by reference.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The present invention concerns electronic messaging in general and electronic mail in particular, and provides a method and system for handling electronic mail messages, verifying the origination of messages to determine the probability that they are or are not junk e-mail, and detecting that a mass mailing has been initiated by utilizing special addresses.

[0004] 2. Description of the Background

[0005] Digital storage of information brings with it the ability to transfer such information easily and inexpensively. As a result of this situation, unwanted or unsolicited junk e-mail (sometimes referred to as “spam”) has become prevalent on the Internet since messages can be sent without a specific “per-character” cost. As a result, the average e-mail account currently receives a number of unsolicited, unwelcome pieces of junk e-mail each day, with a rapidly increasing number of pieces being forecast.

[0006] Documents are available which describe electronic mail handling procedures. In particular, two Internet standards on e-mail are incorporated herein by reference in their entirety. They are: Internet STD0014 entitled “MAIL ROUTING AND THE DOMAIN SYSTEM” (also known as RFC 974) and Internet STD0010 entitled “SIMPLE MAIL TRANSFER PROTOCOL” (also known as RFC 821). The contents of the Second Edition of “sendmail” by Bryan Costales and Eric Allman, published by O'Reilly Publishing, are also incorporated herein by reference. Further, some issued patents address the general handling of electronic mail. For example, U.S. Pat. No. 5,377,354 teaches a method for prioritizing a plurality of incoming electronic mail messages by comparing the messages with a list of key words. U.S. Pat. No. 5,619,648 teaches a method for reducing junk e-mail which uses non-address information and uses a filtering system that has access to models of the user's correspondents. The e-mail system adds a recipient identifier that is used to further specify the recipients in the group to whom the message is sent who should actually receive the message.

[0007] U.S. Pat. No. 5,555,426 teaches a method and apparatus for disseminating messages to unspecified users in a data processing system. The method permits users to associate conditions of interest, such as keywords or originator identities, but does not perform any verification of the originator's identity. The method permits messages to be sent based upon probable interest in the message, rather than being addressed to any specific individual.

[0008] U.S. Pat. No. 5,627,764 teaches a method for implementing a rules-based system that can run a user's set of rules under system control and process messages according to the user's rules. Peloria Mail Scout uses rules to screen junk mail by limiting messages to only known and acceptable senders, but makes no provision for unknown, yet acceptable senders.

[0009] U.S. Pat. No. 5,675,733 teaches a method for collecting, sorting, and compiling statistical summaries of message acknowledgment data, also known as Confirmations of Delivery or COD's. The invention teaches a method for acknowledging a single message to multiple recipients and generating a statistical list of information delivery under such circumstances. Each of the above-referenced U.S. patents is incorporated herein by reference in its entirety.

SUMMARY OF THE INVENTION

[0010] It is an object of the present invention to address deficiencies in known e-mail handling systems.

[0011] This object and other objects of the present invention are addressed through the use of a computer system or mail handling system which provides enhanced blocking of junk e-mail. Accordingly, the present invention first ascertains if the sender of the e-mail has a verifiable identity and valid computer address. Based upon that determination, certain user-assignable and computable confidence ratios may be automatically determined. If the identity cannot be verified or the address is determined not to be valid or usable for a reply to the sender, the mail can be assigned a presumptive classification as junk e-mail. By applying additional filters, the confidence ratio can be increased to nearly 100%, and the mail can be handled in accordance with standard rules-based procedures, providing for a range of alternatives that include deletion or storage in a manner determined by the user.

[0012] The system of the present invention also advantageously utilizes a cooperative tool, known as an authenticator, to determine if a received e-mail is a junk e-mail. The mail handling system, either automatically or as part of a mail filter, contacts an authenticator with information about a received e-mail. If the authenticator has received negative or adverse notifications from other users who have received the same or similar e-mails, the authenticator informs any mail handling systems that ask that the received e-mail is very likely junk e-mail. This information from the authenticator along with other factors can be weighted to provide an overall confidence rating.

[0013] The system of the present invention also advantageously utilizes a list of “seed” addresses that do not correspond to real users but, rather, to special non-existent (or ghost) accounts. When a message is received that is addressed to a ghost account, the system searches other incoming and recently received messages for the same message body. For messages with the same message body as received for the ghost account, the system marks the messages as having a high probability of being junk e-mail. In an alternate embodiment, the system of the present invention provides cooperative filtering by sending the message body to authenticators or other systems to help the authenticators or other systems to determine that the message is probably a junk e-mail.

BRIEF DESCRIPTION OF THE DRAWINGS

[0014] FIG. 1 is a schematic illustration of a computer system for performing the method of the present invention;

[0015] FIG. 2 is a listing of a first exemplary header that is analyzed according to the present invention;

[0016] FIG. 3 is a listing of a second exemplary header that is analyzed according to the present invention;

[0017] FIG. 4 is a pseudo-code listing of how deliverability is tested according to the present invention;

[0018] FIG. 5 is a pseudo-code listing of how confidence testing of a message is performed according to the present invention;

[0019] FIGS. 6A and 6B are flow diagrams of how message creation, transmission, and reception are processed according to the present invention;

[0020] FIG. 7 is a schematic illustration of plural computers which interact to send, receive, and process/authenticate e-mail according to the present invention; and

[0021] FIG. 8 is a schematic illustration of the operation of the authenticator of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

[0022] Referring now to the drawings, wherein like reference numerals designate identical or corresponding parts throughout the several views, FIG. 1 is a schematic illustration of a computer system for blocking unwanted or junk e-mails. A computer 100 implements the method of the present invention, wherein the computer housing 102 houses a motherboard 104 which contains a CPU 106, memory 108 (e.g., DRAM, ROM, EPROM, EEPROM, SRAM and Flash RAM), and other optional special purpose logic devices (e.g., ASICs) or configurable logic devices (e.g., GAL and reprogrammable FPGA). The computer 100 also includes plural input devices, (e.g., a keyboard 122 and mouse 124), and a display card 110 for controlling monitor 120. In addition, the computer system 100 further includes a floppy disk drive 114; other removable media devices (e.g., compact disc 119, tape, and removable magneto-optical media (not shown)); and a hard disk 112, or other fixed, high density media drives, connected using an appropriate device bus (e.g., a SCSI bus or an Enhanced IDE bus). Although compact disc 119 is shown in a CD caddy, the compact disc 119 can be inserted directly into CD-ROM drives which do not require caddies. Also connected to the same device bus or another device bus as the high density media drives, the computer 100 may additionally include a compact disc reader 118, a compact disc reader/writer unit (not shown) or a compact disc jukebox (not shown). In addition, a printer (not shown) also provides printed e-mails.

[0023] The system further includes at least one computer readable medium. Examples of computer readable media are compact discs 119, hard disks 112, floppy disks, tape, magneto-optical disks, PROMs (EPROM, EEPROM, Flash EPROM), DRAM, SRAM, etc. Stored on any one or on a combination of the computer readable media, the present invention includes software for controlling both the hardware of the computer 100 and for enabling the computer 100 to interact with a human user. Such software may include, but is not limited to, device drivers, operating systems and user applications, such as development tools. Such computer readable media further includes the computer program product of the present invention for blocking unwanted e-mails. These computer readable media can include programs, dynamic link libraries, scripts, or any other executable or interpreted code, including, but not limited to, Java code, C or C++ code, Perl scripts, and Active X controls.

[0024] The method and system of the present invention assign confidence ratings to messages to signify the statuses of the messages as junk e-mails or as bona fide messages that the recipient may wish to read. The method and system begin by analyzing the origins and transmission paths of the messages. The sender's origination information is extracted from the e-mail message and an automatic reply (called a verification request) is created and sent. Based on the verification response that is received in response to the verification request, the sender is scored as to the probable characteristics, origination, validity, and desirability of the mail. Incoming messages (e-mails) are automatically scanned and parsed, either (1) at a server located at an Internet provider (prior to delivery to the intended ultimate recipient), (2) at a LAN-based receiving station, or (3) at the actual ultimate recipient's mail machine, i.e., local to the user. Once the message has been parsed or broken down into fields, the message is compared with several user defined rules for handling messages, and a confidence rating is assigned to the message. In one embodiment, the message header information is analyzed and a verification request(s) is/are automatically sent to the purported sender(s), as identified by fields such as “From:” or “Reply-To:”. If there is a delivery problem in delivering the verification request, the presumed validity of the message is reduced in accordance with a set of user-definable criteria. In addition to determining the purported origination point, the present invention automatically analyzes all information pertaining to the sender, the path of delivery, any information pertaining to copies, blind copies, or other indicia of validity of the origin of the message to determine if there has been a discernable effort to obscure the origin, disguise the sender, or in some other way to inhibit the recipient from performing verification of the sender's identity. For example, if a message has purportedly been relayed through a machine named mail.fromnowhere.com and the mail handling system has determined that such a machine does not actually exist, the confidence rating for the message should be decreased.

[0025] Techniques for reducing the amount of junk e-mail by using confidence rating technology based upon characteristics of junk e-mail are also implemented in the invention. Factors that the invention incorporates in a determination of the status of mail as junk e-mail or a valid message, include maintaining (1) a list of certain mail providers known to be an origination point of junk e-mail, (2) a dictionary of certain content frequently found in junk e-mail, and (3) a learning knowledge base that creates its own rules to ascertain prior junk e-mail characteristics and subsequently adds those criteria to the knowledge base to prevent future junk e-mail with the same or similar characteristics from being delivered.

[0026] Primary components of the invention are (1) screening all incoming messages by the receiver on either the mail server or the local receiving facility and (2) automatically sending a reply (in the form of a verification request) to the purported sender(s). The verification request is sent to all address locations contained in the sender's address information or any subset of those addresses as determined by the recipient. If that verification request is undeliverable (as determined by the receipt of the corresponding verification response), the message can be automatically deleted or marked as junk e-mail. In addition, rules filters can be used in conjunction with the presumptive test for a purported sender's address, to determine a confidence rating based upon a scoring technique, which the user can set forth based upon factors the user considers to be most significant. The e-mail filtering can be used in conjunction with the verification response to refine the confidence rating. As an example, a previously read junk e-mail can be added to the rules base to look for certain phrases. This may not be sufficient, however, to screen out valid mail that cites or quotes from the junk e-mail. If, however, the content is combined with an address that cannot pass a verification request, the user may wish to assign a 100% confidence rating, and the mail can optionally be automatically deleted.

[0027] FIG. 2 shows an exemplary e-mail header that is received by the system of the present invention. The fields for “Return Path:,” “From:,” and “Reply-To:” are highlighted as three of the fields which the present invention will parse from the message header. The line:

[0028] From: 48941493@notarealaddress.com

[0029] is broken down into a user id (48941493) and a host name (notarealaddress.com). Likewise, the line:

[0030] Reply-To: junker@notarealaddress3.com

[0031] is also broken down into its corresponding user id (junker) and host name (notarealaddress3.com). Both of these addresses will receive verification requests attempting to verify that these addresses represent valid user and host names. The same process is performed on the message header shown in FIG. 3.

[0032] Accordingly, the system of the present invention can analyze e-mail headers to determine whether or not the e-mail has been received from a site suspected of sending junk e-mail. A received e-mail that conforms to RFC 821 includes fields identifying the sender and the recipient, i.e., the “From:” and the “To:” fields, respectively. Messages may optionally contain a “Reply-To:” field if a user wishes to have his/her replies directed to a different e-mail address. Since junk e-mails often come from either non-existent users or non-existent sites or both, a first level check is to determine if the alleged sender identified by the “From:” or “Reply-To:” fields is valid. This first level check corresponds to issuing a verification request and can be in many forms, including: (1) sending a message to the user identified by the “From:” or “Reply-To:” fields and examining whether the message can be successfully delivered, (2) using the UNIX “whois” command to determine if a site (or host) by that name actually exists, (3) using the UNIX “finger” command to identify if a user name exists at a verifiable host, (4) using the “vrfy” command when connected to a sendmail daemon to verify that a user exists at a particular site, and (5) using the UNIX “traceroute” command to make sure there is a valid route back to the specified host. It is presently preferred to utilize a method which does not create an endless cycle of messages while attempting to verify a sender's address. That is, if each message generated a sender verification message which in turn generated a sender verification message, then the system would quickly become inundated with extra messages. Accordingly, the present invention utilizes messaging for sender verification that does not generate a cascade of new verification requests. In an alternate embodiment, the system keeps track of which verification requests are outstanding and thereby prevents cascading requests by limiting the system to sending a single verification message for a particular address within a period of time. The system thus maintains a cache of recently authorized and recently denied addresses.
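The following Python sketch is an added example, not code from the patent or its figures. It parses the “From:” and “Reply-To:” fields into user id and host name and implements the alternate embodiment's cache of outstanding, recently authorized, and recently denied addresses. The class name, the one-hour default window, and the decision labels are assumptions, and the sample header is constructed from the two addresses quoted from FIG. 2.

```python
import email
from email.utils import getaddresses

# Constructed sample header; the two sender addresses are the ones the
# text quotes from FIG. 2, everything else is made up for the example.
SAMPLE = (
    "Return-Path: <48941493@notarealaddress.com>\n"
    "From: 48941493@notarealaddress.com\n"
    "Reply-To: junker@notarealaddress3.com\n"
    "To: someone@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)


def purported_senders(raw_message):
    """Return [(field, user_id, host)] parsed from From: and Reply-To:."""
    msg = email.message_from_string(raw_message)
    found = []
    for field in ("From", "Reply-To"):
        for _name, addr in getaddresses(msg.get_all(field, [])):
            user, sep, host = addr.rpartition("@")
            if sep and user and host:
                # Host names are case-insensitive; the user id is kept as sent.
                found.append((field, user, host.lower()))
    return found


class VerificationCache:
    """Allow at most one verification request per address per time window.

    Hypothetical helper: tracks outstanding requests and remembers recent
    results so that repeated mail from one address cannot trigger a
    cascade of verification messages.
    """

    def __init__(self, window_seconds=3600):  # window length is an assumption
        self.window = window_seconds
        self.pending = {}  # address -> time the request was sent
        self.results = {}  # address -> (deliverable, time of response)

    def decide(self, user, host, now):
        """Return 'send', 'pending', 'cached-valid' or 'cached-invalid'."""
        key = f"{user}@{host}"
        hit = self.results.get(key)
        if hit is not None and now - hit[1] < self.window:
            return "cached-valid" if hit[0] else "cached-invalid"
        sent = self.pending.get(key)
        if sent is not None and now - sent < self.window:
            return "pending"  # a request is already outstanding
        self.pending[key] = now  # caller now sends exactly one request
        return "send"

    def record_response(self, user, host, deliverable, now):
        """Store the verification response and clear the outstanding mark."""
        key = f"{user}@{host}"
        self.pending.pop(key, None)
        self.results[key] = (bool(deliverable), now)


if __name__ == "__main__":
    cache = VerificationCache(window_seconds=600)
    for field, user, host in purported_senders(SAMPLE):
        print(field, user, host, cache.decide(user, host, now=0))
```
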

[0033] FIG. 4 shows a test of deliverability for three messages received by a mail handling system. Each of the three header messages is parsed into fields to enable the system to determine purported senders. The system then generates replies to the messages in the form of verification requests. Each of the verification requests is sent to the purported sender of its corresponding message, and the replies or verification responses are analyzed. For each of the verification requests that were undeliverable, the system marks the message as suspected junk e-mail, otherwise the message passes the sender deliverability test. Additionally, the verification request, when successful, performs the function of providing a return receipt verification.

[0034] The process of FIG. 4 can be augmented in an alternate embodiment to include the confidence testing shown in FIG. 5. By analyzing phrases and keywords in the message bodies, better confidence values can be assigned to each e-mail message.

[0035] When verifying that a user is a valid user by sending a verification request in the form of an e-mail message, the system creates and transmits an e-mail message and examines the verification response as shown in FIGS. 6A, 6B, and 7. The network that connects the computers can either be a local area network, a wide area network, or the Internet. Table I below shows the steps of creating and transmitting an e-mail message and of receiving a delivery result message as shown in FIGS. 6A and 6B.

TABLE I

A. Message Creation
   1. Address header
   2. Subject
   3. Message content
B. Message Transmission
   1. Address Header
   2. Routing
      a) To
      b) From
         (1) Test From Address for validity
      c) Reply
         (1) Test Reply Address for validity
      d) Received 1
         (1) Test for Validity
      e) Received 2
         (1) Test for Validity
      f) Received 3
         (1) Test of Validity
C. Message Receipt
   1. Server
      a) Review results of tests
      b) Apply rules based on test results
      c) Assign confidence rating
      d) File mail based on confidence rating rule
   2. Local
      a) Review results of tests
      b) Apply rules based on test results
      c) Assign confidence rating
      d) File mail based on confidence rating rule

[0036] As shown in FIG. 8, the general mail blocking program can be supplemented with an authenticator component to enable cooperative determination of junk e-mail. This works just as described above, except that it adds the facility of replying to an address supplied by the present invention to the subscriber. Users of the present invention would be provided with an authentication code certifying that they are not known spammers. In effect, the system would vouch for the authenticity, and the “spam check” would be sent to the system of the present invention and auto-responded to. If it turned out that the sender had abused his authentication privileges, the authentication address would be added to a list that automatically responds with a known key phrase in the subject line of the message so that the recipient would know immediately that this sender is not trustworthy. This eliminates having to reply to the original sender, who may be unknown due to blind carbon copies (BCCs), etc. Further, the authenticator would potentially be receiving additional information on whether or not a message was a junk e-mail while the message was present in a user's inbox. If the message was determined to be a junk e-mail, the mail program would be informed, and the user would be able to have the message automatically discarded or to be marked as potentially junk. If a message has previously been checked but the message was not yet known to be junk, and if the user has not yet read the message, the authenticator may “call back” the mail program that previously checked the message and identify that the message, although previously thought to be okay, is now believed to be junk.

[0037] In order to provide each user with an authentication ID that the authenticator can use to quickly determine if the sender is a known junk e-mailer, the e-mail users would each register, potentially for a fee, and their e-mail program would be assigned a unique identification code. Preferably, the e-mail program would maintain the unique code in secret by the mail program such that the users and others would not see the message. For example, to prevent a recipient from stealing a unique code of another user from which he/she has received a message, the e-mail program or the e-mail handling system at an ISP or corporate level could strip the unique code before delivering the message. That is, when a message is received, the mail program or mail handling system would send the unique code and the “From:” identifier to the authenticator for authentication. The code and the “From:” identifier would be checked against the database of known junk e-mailers as well as checked for consistency between the two parts. If the code was for a known junk e-mailer, or if the code and the “From:” field did not match, the mail program or mail handling system would be warned of the problem. Since the message would then be authenticated, the unique code would no longer be needed and could be stripped before passing the mail message to the user.

[0038] In an alternate embodiment, the unique code is further protected by being used in conjunction with message signing and encryption. The mail program (or mail handling system) would send the authenticator a message to be authenticated, including the digitally signed part, the signature, and the unique code. The authenticator then would check the signed part of the message against the signature using the encryption key which is registered to the unique code. In this way, added protection from junk e-mail is obtained.

[0039] In an alternate embodiment, e-mail programs would send mail to be authenticated directly to an authentication server. The authentication server would check the message as in any of the above methods. When the authenticator had verified that the message was not part of a junk e-mail effort, the authenticator would “sign” the message and send the signed message on to its intended recipient. The user's mail program that eventually received the message would be able to authenticate it immediately as having been pre-authenticated, either by the signature or by the IP address from which the “signed” message was received. This would avoid the mail program from having to perform a remote communication before delivering the message.

[0040] In an alternate embodiment, a series of “seeded” e-mail addresses would be provided on the e-mail service that would be considered early warning notification of a junk e-mail effort. These addresses would correspond to non-existent or ghost accounts which a system has reserved for junk e-mail detection, e.g., A1 Aardvark and Arnie Apple. If these messages use the first set of ASCII characters, then the system would be notified early when A1 Aardvark and Arnie Apple receive the beginning of a mass junk e-mailing. Thus, the system could immediately identify the remaining messages with the same or similar contents as junk e-mail. An alternate way to do this would be to “seed” newsgroups and member profiles with phony addresses that only the provider would know of. As a result, these addresses could be watched for incoming junk e-mail and a notification from the authentication server could then be broadcast to users indicating that mail with the subject of “XYZ” is junk e-mail. This would allow the client or server of the present invention to automatically eliminate the junk e-mail. Alternatively, a user requesting a service provider to handle this automatically would have the seeded addresses watched, notice the junk e-mail, and automatically prevent the mail from being transmitted any further to users that have requested services of the system of the present invention.
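The seed-address mechanism of paragraphs [0013] and [0040] can be sketched as follows; this is an added example, not code from the patent. The class and function names and the seed address are constructed for illustration, and "same message body" is taken here to mean an identical body after whitespace and case normalization, which is an assumption (the text also allows "similar" contents).

```python
import hashlib
import re
from collections import defaultdict


def body_fingerprint(body):
    """Hash a message body after collapsing whitespace and lowercasing.

    Assumption: two bodies count as "the same" when they are identical
    after this normalization.
    """
    normalized = re.sub(r"\s+", " ", body).strip().lower()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


class SeedWatcher:
    """Flag mass mailings when a ghost (seed) account receives mail."""

    def __init__(self, seed_addresses):
        self.seeds = {a.lower() for a in seed_addresses}
        self.junk_prints = set()         # fingerprints seen at a seed address
        self.recent = defaultdict(list)  # fingerprint -> delivered message ids

    def receive(self, msg_id, recipient, body):
        """Return (verdict, retroactive_ids) for one incoming message.

        verdict is 'seed-hit' for mail to a ghost account, 'junk' for a
        body already seen at a ghost account, otherwise 'deliver'.
        retroactive_ids lists already-delivered messages with the same
        body, which can now be marked or removed.
        """
        fp = body_fingerprint(body)
        if recipient.lower() in self.seeds:
            self.junk_prints.add(fp)
            return "seed-hit", self.recent.pop(fp, [])
        if fp in self.junk_prints:
            return "junk", []
        self.recent[fp].append(msg_id)
        return "deliver", []


def run_constructed_stream():
    """Feed a constructed message stream through the watcher."""
    watcher = SeedWatcher(["aardvark@example.net"])  # constructed seed address
    stream = [
        ("m1", "alice@example.net", "Buy  NOW\ncheap"),
        ("m2", "bob@example.net", "hello bob"),
        ("m3", "Aardvark@example.net", "buy now cheap"),
        ("m4", "carol@example.net", "BUY now   cheap "),
        ("m5", "dave@example.net", "hello bob"),
    ]
    return [watcher.receive(*item) for item in stream]


if __name__ == "__main__":
    for verdict in run_constructed_stream():
        print(verdict)
```

A production version would also expire entries in `recent` so that only recently received messages are searched, as the text describes.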

[0041] All of the above are only some of the examples of available embodiments of the present invention. Those skilled in the art will readily observe that numerous other modifications and alterations may be made without departing from the spirit and scope of the invention.

I claim what is new and desired to be secured by Letters Patent is:
 1. Acomputer program product, comprising: a computer storage medium and acomputer program code mechanism embedded in the computer storage mediumfor causing a computer to process electronic mail messages, the computerprogram code mechanism comprising: a first computer code deviceconfigured to receive an incoming electronic mail message; a secondcomputer code device configured to determine a candidate machine and acandidate user id of a purported sender of the incoming electronic mailmessage; a third computer code device configured to send a verificationrequest to the candidate user id at the candidate machine; a fourthcomputer code device configured to receive a verification response tothe verification request; and a fifth computer code device configured toblock delivery of the incoming electronic mail message based on theverification response when the response indicates that the candidatemachine does not exist.
 2. The computer program product as claimed inclaim 1, further comprising: a sixth computer code device configured tosend an authentication message to an authenticator to determine if theincoming electronic mail message purportedly from the candidate user idand candidate machine should be blocked, a seventh computer code deviceconfigured to receive an authentication response from the authenticatorindicating whether the incoming electronic mail message should beblocked; and an eighth computer code device configured to block deliveryof the incoming electronic mail message based on the authenticationresponse.
 3. The computer program product as claimed in claim 1, whereinthe second computer code device comprises a sixth computer code deviceconfigured to parse a “From:” field into the candidate machine and thecandidate user id.
 4. The computer program product as claimed in claim1, wherein the second computer code device comprises a sixth computercode device configured to parse a “Reply-To:” field into the candidatemachine and the candidate user id.
 5. The computer program product asclaimed in claim 1, wherein the fifth computer code device comprises asixth computer code device configured to block delivery of the incomingelectronic mail message based on filtering rules and based on theverification response when the verification response indicates that thecandidate machine does not exist or the candidate user id is invalid. 6.The computer program product as claimed in claim 2, wherein the fifthand eighth computer code devices comprise a ninth computer code deviceconfigured to use a weighted metric to block delivery of the incomingelectronic mail message based on the authentication response and basedon the verification response when the verification response indicatesthat the candidate machine does not exist or the candidate user id isinvalid.
 7. The computer program product as claimed in claim 1, furthercomprising: a sixth computer code device configured to remove theincoming electronic mail message from a user's mail box after deliverywhen the incoming electronic mail message subsequently is identified asa junk electronic mail message.
 8. The computer program product asclaimed in claim 2, wherein: the second computer code device comprises aninth computer code device configured to parse a unique identificationcode from the incoming electronic mail message; and the sixth computercode device comprises a tenth computer code device configured to sendthe unique identification code, the candidate machine, and the candidateuser id to the authenticator.
 9. A computer program product, comprising:a computer storage medium and a computer program code mechanism embeddedin the computer storage medium for causing a computer to processelectronic mail messages, the computer program code mechanismcomprising: a first computer code device configured to receive anincoming electronic mail message; a second computer code deviceconfigured to parse out an intended addressee for the incomingelectronic mail message; a third computer code device configured tocompare the intended addressee to a list of seed addresses whichidentify possible mass mailings, and a fourth computer code deviceconfigured to block delivery of other electronic mail messages when amessage body of the other electronic mail messages is similar to amessage body of the incoming electronic mail message.
 10. The computerprogram product as claimed in claim 9, wherein the fourth computer codedevice comprises a fifth computer code device configured to send themessage body of the incoming electronic mail message to a remoteauthenticator.
 11. The computer program product as claimed in claim 9,wherein the fourth computer code device comprises a fifth computer codedevice configured to send the message body of the incoming electronicmail message to a local authenticator.
 12. A computer-implemented methodof utilizing a computer memory to perform the steps of: receiving anincoming electronic mail message; determining a candidate machine and acandidate user id of a purported sender of the incoming electronic mailmessage; sending a verification request to the candidate user id at thecandidate machine; receiving a verification response to the verificationrequest; and blocking delivery of the incoming electronic mail messagebased on the verification response when the verification responseindicates that the candidate machine does not exist.
 13. Thecomputer-implemented method as claimed in claim 12, further comprisingthe steps of: sending an authentication message to an authenticator todetermine if the incoming electronic mail message purportedly from thecandidate user id and candidate machine should be blocked; receiving anauthentication response from the authenticator indicating whether theincoming electronic mail message should be blocked; and blockingdelivery of the incoming electronic mail message based on theauthentication response.
 14. The computer-implemented method as claimedin claim 12, wherein the step of determining comprises the sub-step ofparsing a “From:” field into the candidate machine and the candidateuser id.
 15. The computer-implemented method as claimed in claim 12,wherein the step of determining comprises the sub-step of parsing a“Reply-To:” field into the candidate machine and the candidate user id.16. The computer-implemented method as claimed in claim 12, wherein thestep of blocking comprises the sub-step of blocking delivery of theincoming electronic mail message based on filtering rules and based onthe verification response when the verification response indicates thatthe candidate machine does not exist or the candidate user id isinvalid.
 17. The computer-implemented method as claimed in claim 13, wherein the steps of blocking comprise a combined sub-step of using a weighted metric to block delivery of the incoming electronic mail message based on the authentication response and based on the verification response when the verification response indicates that the candidate machine does not exist or the candidate user id is invalid.
 18. The computer-implemented method as claimed in claim 12, further comprising: removing the incoming electronic mail message from a user's mail box after delivery when the incoming electronic mail message subsequently is identified as a junk electronic mail message.
 19. The computer-implemented method as claimed in claim 13, wherein: the step of determining comprises the sub-step of parsing a unique identification code from the incoming electronic mail message; and the step of sending the verification request comprises sending the unique identification code, the candidate machine, and the candidate user id to the authenticator.
 20. A computer-implemented method of utilizing a computer memory to perform the steps of: receiving an incoming electronic mail message; parsing out an intended addressee for the incoming electronic mail message; comparing the intended addressee to a list of seed addresses which identify possible mass mailings; and blocking delivery of other electronic mail messages when a message body of the other electronic mail messages is similar to a message body of the incoming electronic mail message.
 21. The computer-implemented method as claimed in claim 20, wherein the step of blocking comprises sending the message body of the incoming electronic mail message to a remote authenticator.
 22. The computer-implemented method as claimed in claim 20, wherein the step of blocking comprises sending the message body of the incoming electronic mail message to a local authenticator.
 23. A computer program product, comprising: a computer storage medium and a computer program code mechanism embedded in the computer storage medium for causing a computer to process electronic mail messages, the computer program code mechanism comprising: a first computer code device configured to receive an incoming electronic mail message; a second computer code device configured to determine a candidate machine and a candidate user id of a purported sender of the incoming electronic mail message; a third computer code device configured to send a verification request to the candidate user id at the candidate machine; a fourth computer code device configured to receive a verification response to the verification request; and a fifth computer code device configured to block delivery of the incoming electronic mail message based on the verification response when the response indicates that the candidate user id is invalid.
 24. A computer-implemented method of utilizing a computer memory to perform the steps of: receiving an incoming electronic mail message; determining a candidate machine and a candidate user id of a purported sender of the incoming electronic mail message; sending a verification request to the candidate user id at the candidate machine; receiving a verification response to the verification request; and blocking delivery of the incoming electronic mail message based on the verification response when the verification response indicates that the candidate user id is invalid.
 25. A system for blocking undesired e-mails, the system comprising: means for receiving an incoming electronic mail message; means for determining a candidate machine and a candidate user id of a purported sender of the incoming electronic mail message; means for sending a verification request to the candidate user id at the candidate machine; means for receiving a verification response to the verification request; and means for blocking delivery of the incoming electronic mail message based on the verification response when the verification response indicates that the candidate user id is invalid.
 26. A system for blocking undesired e-mails, the system comprising: means for receiving an incoming electronic mail message; means for determining a candidate machine and a candidate user id of a purported sender of the incoming electronic mail message;